From: Jan Beulich <jbeulich@suse.com>
To: Alan Modra <amodra@gmail.com>
Cc: binutils@sourceware.org
Subject: Re: Recursion in as_info_where
Date: Fri, 3 Feb 2023 14:44:06 +0100 [thread overview]
Message-ID: <c39ae5e6-a8e2-26e5-f312-e7c052820cb5@suse.com> (raw)
In-Reply-To: <Y9pUEpcfeEz4PqkC@squeak.grove.modra.org>
On 01.02.2023 12:59, Alan Modra wrote:
> On Wed, Feb 01, 2023 at 10:24:25AM +0100, Jan Beulich wrote:
>> On 01.02.2023 07:36, Alan Modra via Binutils wrote:
>>> This function has a gas_assert, ie. possible call to as_abort, which
>>> calls as_report_context, which calls as_info_where. Attached fuzzer
>>> testcase managed to trigger a stack overflow.
>>>
>>> * messages.c (as_info_where): Don't gas_assert.
>>>
>>> diff --git a/gas/messages.c b/gas/messages.c
>>> index 0db075d779c..7c018acf69f 100644
>>> --- a/gas/messages.c
>>> +++ b/gas/messages.c
>>> @@ -141,8 +141,6 @@ as_info_where (const char *file, unsigned int line, unsigned int indent,
>>> va_list args;
>>> char buffer[2000];
>>>
>>> - gas_assert (file != NULL && line > 0 && indent <= INT_MAX);
>>
>> If this go in the way, isn't it that the assertion actually triggered?
>> In which case shouldn't the cause for it triggering be addressed
>> instead, to avoid subsequent knock-on damage (e.g. from de-referencing
>> "file"? (I may want to play with the testcase a little myself.)
>
> The testcase is really weird, something that no programmer would ever
> write. It failed the assert with line == 0. I'll let you discover
> the horrible "# line file" with embedded \0 that gets you there. :-)
Sure. That's an interaction bug between read_a_source_file()'s bumping
of line numbers and s_linefile() trying to compensate. I have a fix for
that, but I'll want to give it wider testing before posting.
As to the assertion here, I'd prefer if we would keep it, and do e.g.
the below instead. Thoughts?
Jan
--- a/gas/messages.c
+++ b/gas/messages.c
@@ -140,6 +140,12 @@ as_info_where (const char *file, unsigne
{
va_list args;
char buffer[2000];
+ static bool active;
+
+ /* We can come back here if e.g. the assertion below triggers. */
+ if (active)
+ return;
+ active = true;
gas_assert (file != NULL && line > 0 && indent <= INT_MAX);
@@ -148,6 +154,8 @@ as_info_where (const char *file, unsigne
va_end (args);
fprintf (stderr, "%s:%u: %*s%s%s\n",
file, line, (int)indent, "", _("Info: "), buffer);
+
+ active = false;
}
/* Send to stderr a string as a warning, and locate warning
next prev parent reply other threads:[~2023-02-03 13:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-01 6:36 Alan Modra
2023-02-01 9:24 ` Jan Beulich
2023-02-01 11:59 ` Alan Modra
2023-02-03 13:44 ` Jan Beulich [this message]
2023-02-06 1:41 ` Alan Modra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c39ae5e6-a8e2-26e5-f312-e7c052820cb5@suse.com \
--to=jbeulich@suse.com \
--cc=amodra@gmail.com \
--cc=binutils@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).